Accessibility Resource Center Skip to main content
Get it fast with In-Store & Curbside Pickup or same day delivery.

Fios G1100 Router Parental Controls not Working

SOLVED
Reply
vzw999901
Contributor
Contributor
Posts: 2
Registered: ‎01-11-2021

Fios G1100 Router Parental Controls not Working

Message 1 of 4
(802 Views)

Hi all - I've been struggling with this for a bit - what I want to accomplish is to restrict access to a single website: www.youtube.com, for all devices, starting at 7:00 PM through 12:00PM.

 

I've gone into my router and created these settings - placing www.youtube.com in the restricted box as well as applying the time settings and enabling the rule.

 

The problem is that it just doesn't work. Every device on the network continues to have access to www.youtube.com

 

I can confirm that disabling a device DOES work.

 

I also tried installing the My Fios App - this didn't work either and the UI is a bit different, it requires you to create an 'Exception' and then there are two type of exceptions 'Allow' and 'Block' - I created a block exception and this didn't work either.

 

I've also tried turning off WiFi on one of the devices I'm hoping to block, going in to network settings on that device and 'forgetting' the Wifi network that I am connecting to thereby forcing me to relogin to wifi (I don't know, maybe changes are only applied when the device re-connects?) - but this had no impact either.

 

Any help or tips / pointers would be greatly appreciated!

1 ACCEPTED SOLUTION

Accepted Solutions
Smith6612
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,562
Registered: ‎12-15-2010

Re: Fios G1100 Router Parental Controls not Working

Message 4 of 4
(680 Views)

What kind of devices are you dealing with? The trick to URL blocking is the router must be able to intercept the request and make an inspection on the URL prior to enforcing the block. YouTube and a few other websites (notably Google hosted sites) don't default to using standard HTTP/HTTPS over TCP for their transport layer, and instead use the QUIC protocol over UDP, which by design, is meant to make monitoring and interception of traffic much more difficult. Thereby creating a situation where you can't block these certain sites, but can block others. Many transparent proxies created by IDS and home routers also can't handle the contents of UDP traffic very well. You might find that behavior is different with Firefox, Safari, or classic Microsoft Edge, but Chrome still punches through. This is why.

 

Another monkey wrench is TLS 1.3. Many sites, once again, Google services, use TLS 1.3 for increased communications security. TLS 1.3 is, by design, meant to be resistant to monitoring and interception. It still operates over the TCP protocol, but transparent proxies once again, can't handle it too well and default to "failing open" meaning, let the traffic pass.

 

The other possibility that comes to mind is, if the domain filtering (not URL Filtering) is done on a DNS level, the device may not be making DNS Queries against the router. Perhaps DNS over TLS or DNS over HTTPS is enabled at an application level. Or security software made changes. Or the system is hardcoded to use other DNS.

 

Just some thoughts here.

View solution in original post

3 REPLIES 3
Cang_Household
Gold Contributor IV Gold Contributor IV
Gold Contributor IV
Posts: 953
Registered: ‎09-06-2020

Re: Fios G1100 Router Parental Controls not Working

Message 2 of 4
(777 Views)

parental control.PNG

Have you done something like this? Can you screenshot the entire configuration page? It seems something is misconfigured.

vzw999901
Contributor
Contributor
Posts: 2
Registered: ‎01-11-2021

Re: Fios G1100 Router Parental Controls not Working

Message 3 of 4
(773 Views)

Hi - yes, this is exactly what I have configured, thank you!

 

In addition, in the window you show, further up on the page I have selected the devices (in this case I just selected all devices). Additionally, below where this screenshot is, was the selection for the time, I chose 7:00pm to 12:00pm.

 

I did this because I wasn't sure how to specify 'All the time' - it is a bit confusing because the start (and end time) would both be 12:00 AM, for something that I want always on.

 

Unfortunately - I the screenshot here is greyed out. In my troubleshooting, I installed the My Fios App on my Android phone, then selected to turn on 'Home Network Protection', I've since turned Home Network Protection off, however, I can no longer 'see' the full detail that your screen shot shows.

 

Here is what I can see - I'm in the support queue now to hopefully revert the Home Network Protection setting from the My Fios App, fingers crossed.

 

Can you confirm that with those settings you have screenshot, that the device is in fact restricted from youtube.com? I had a friend / neighbor try the same configuration as me and they were able to confirm that this configuration did NOT block that website. Thank you!

screenshot.jpg

Smith6612
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,562
Registered: ‎12-15-2010

Re: Fios G1100 Router Parental Controls not Working

Message 4 of 4
(681 Views)

What kind of devices are you dealing with? The trick to URL blocking is the router must be able to intercept the request and make an inspection on the URL prior to enforcing the block. YouTube and a few other websites (notably Google hosted sites) don't default to using standard HTTP/HTTPS over TCP for their transport layer, and instead use the QUIC protocol over UDP, which by design, is meant to make monitoring and interception of traffic much more difficult. Thereby creating a situation where you can't block these certain sites, but can block others. Many transparent proxies created by IDS and home routers also can't handle the contents of UDP traffic very well. You might find that behavior is different with Firefox, Safari, or classic Microsoft Edge, but Chrome still punches through. This is why.

 

Another monkey wrench is TLS 1.3. Many sites, once again, Google services, use TLS 1.3 for increased communications security. TLS 1.3 is, by design, meant to be resistant to monitoring and interception. It still operates over the TCP protocol, but transparent proxies once again, can't handle it too well and default to "failing open" meaning, let the traffic pass.

 

The other possibility that comes to mind is, if the domain filtering (not URL Filtering) is done on a DNS level, the device may not be making DNS Queries against the router. Perhaps DNS over TLS or DNS over HTTPS is enabled at an application level. Or security software made changes. Or the system is hardcoded to use other DNS.

 

Just some thoughts here.

View solution in original post

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.
Have a spare Fios-G1100?Learn how to bridge it into your network
Get Started


Covid19

Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.